Cookies and stored data

DataDome stores the following data on clients such as web browsers:

Name	Type	Purpose	Expiration	Size	Platform
datadome	Cookie	Used for both server-side and client-side detection to assess the legitimacy of a request. The cookie's data is encrypted for security and does not contain any personally identifiable information (PII).	1 year	128 bytes	Web, Mobile
dd_testcookie	Cookie	Used by the JS Tag to assess if the current context can save cookies. It is added then removed instantaneously, and is not persisted.	N/A	1 byte	Web
ddSession	Local Storage	Duplicate of the `datadome` cookie. Only exists when the sessionByHeader option is enabled on the JS Tag.	1 year	128 bytes	Web
ddOriginalReferrer	Session Storage	Stores the referrer value when a Device Check or CAPTCHA is triggered for later restoration.	End of session	Up to 2048 bytes	Web

📘
Recommendations
Operations such as blocking, tampering, or deleting the data listed above can result in issues or unexpected behaviors.
We recommend to watch out for mechanisms that can run such operations and do any necessary actions to prevent them.
Examples of unwanted tampering

Changing the Domain or Path attributes on the datadome cookie

Adding the HttpOnly attribute to the datadome cookie